Fedora 23 support is going to be EOL on Tuesday, December 20th, 2016.
At this day we are going to close all the Fedora 23 bugs which will
remain open [1].
You have last few weeks to submit your updates to the Fedora 23, if
you have any, before the Fedora 23 release becomes unsupported.
[1] https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fed...
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic

= Proposed Self Contained Change:Java/OpenJDK enforces the system-wide
crypto policy =
https://fedoraproject.org/wiki/Changes/JavaCryptoPolicies
Change owner(s):
* Nikos Mavrogiannopoulos <nmav AT redhat DOT com>
As it is now, the System-wide crypto policy in F25 is enforced by the
OpenSSL, GnuTLS and NSS TLS libraries. To harmonize crypto across all
applications in Fedora, including the Java ones, OpenJDK is enhanced
to respect the settings of the system-wide crypto policy as well.
== Detailed Description ==
As it is now, the System-wide crypto policy in F25 is enforced by the
OpenSSL, GnuTLS and NSS TLS libraries. To harmonize crypto across all
applications in Fedora, including the Java ones, OpenJDK is enhanced
to respect the settings of the system-wide crypto policy as well.
After that change the administrator should be assured that any Java
application will follow a policy that adheres to the configured
profile.
== Scope ==
* Proposal owners:
The change requires modifying OpenJDK to read additional security
properties from the generated by the crypto policies file
(/etc/crypto-policies/back-ends/java.config).
* Other developers:
There are no required actions by other developers. The change requires
only targeted changes to openjdk and crypto-policies.
* Release engineering:
No actions required.
* Policies and guidelines:
The packaging guidelines for crypto policies need to be modified to
include OpenJDK/java in the list of libraries supporting the policies.
* Trademark approval:
N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic

Hi All,
We are wanting to write to you all about an important date coming up. On the
12th of December 2016 we will be making some important changes that will
require changes on every developers machine. In this case developers means
every one that interacts with koji using authentication
lookaside cache checksum hash. currently packages are stored in lookaside
cache using md5sum we will be switching to sha256sum. The support for this has
been in fedpkg for awhile, we have not switched the default as once we do any
source uploaded with sha256sum will only be able to be verified by a client
that supports sha256sum.
koji authentication will be switching to Kerberos. Koji supports multiple
authentication mechanisms. Fedora infrastructure has set up a freeipa instance
internally that has credential syncing to fas. We are working on ensuring that
gssapi caching is supported so that you can have multiple TGT's and the
ability to work in multiple reams at once. you can get started today by doing
kinit <fas username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert file
out of the way authentication will still work.
Using well known certs for koji.fedoraproject.orgarm.koji.fedoraproject.orgppc.koji.fedoraproject.orgs390.koji.fedoraproject.orgpkgs.fedoraproject.org
this is the last step needed to have fedoraproject.org switch to hsts and
default to https:// when connecting to any fedora service. It will also remove
a lot of questions that new people have when connecting to koji via https.
Disable ssl cert authentication in koji. With the switch to keberos and the
change of ssl certificates on the koji and pkgs servers we will be disabling
the ability to login to koji using a ssl certificate completely. This change
will require new koji client configurations for everyone.
Gate rawhide builds. Gating will enable us to sign rawhide builds and switch
the rawhide repo to having gpgcheck enabled.
In order to achieve everything we have to break end user configurations. All
users will need to have new enough versions of fedora-packager, fedpkg, rpkg,
koji. the exact versions needed are not yet known as some enhancements are
still being worked on. We will be aiming to have everything pushed stable
right before the flag day. Some of the changes will not be compatible with the
existing setup. We anticipate keeping everyone informed as we move forward
about any actions that will need to be taken on the developer side. there is
a wiki page at https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016
that will be updated as more is known.
Not in scope at this point is using kerberos for ssh or other apps supported
by infrastructure, though it is not ruled out going forward.
If you have any questions please respond here or in #fedora-releng on freenode
Thanks
Release Engineering and Infrastructure

= System Wide Change: Fedora 26 Boost 1.63 upgrade =
https://fedoraproject.org/wiki/Changes/F26Boost163
Change owner(s):
* Jonathan Wakely < jwakely AT redhat DOT com >
This change brings Boost 1.63.0 to Fedora 26. This will mean F26 ships
with a recent upstream Boost release.
== Detailed Description ==
The aim is to synchronize Fedora with the most recent Boost release.
Because ABI stability is one of explicit Boost non-goals, this entails
rebuilding of all dependent packages. This has also always entailed
yours truly assisting maintainers of client packages in decoding
cryptic boost-ese seen in output from g++. Such care is to be expected
this time around as well.
Boost 1.63 is scheduled for release on Dec 14th, 2016. It's possible
that 1.64.0 will be released early enough in the F26 schedule to
rebase on that instead, with beta releases available for testing in
advance.
== Scope ==
* Proposal owners:
- Build will be done with Boost.Build v2 (which is the
upstream-sanctioned way of building Boost)
- Request a "f25-boost" build system tag (discussion):
https://fedorahosted.org/rel-eng/ticket/6235 → f24-boost
- Build boost into that tag (take a look at the build #606493 for inspiration)
- Post a request for rebuilds to fedora-devel
- Work on rebuilding dependent packages in the tag.
- When most is done, re-tag all the packages to rawhide
- Watch fedora-devel and assist in rebuilding broken Boost clients (by
fixing the client, or Boost).
* Other developers:
Those who depend on Boost DSOs will have to rebuild their packages.
Feature owners will alleviate some of this work as indicated above,
and will assist those whose packages fail to build in debugging them.
* Release engineering: Side tag creation.
* List of deliverables: All deliverables will include updated Boost packages
* Policies and guidelines: Apart from scope, this is business as
usual, so no policies, no guidelines.
* Trademark approval: N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic